I am looking for tools and/or methods for discovering unannounced web
servers in my domain, a typical heterogeneous unfirewalled university
My motivation is partly security (to turn over as many rocks as I can
and see what wriggles out) and partly to automatically publicize
legitimate servers that students or departments may have set up on
their own machines.
This question really has two pieces:
(1) The obvious brute-force method to look for unnanounced but
legitimate servers would be to take a recent local host table and
attempt to connect to port 80 of every host with an HTTP "GET /"
request. Ideally such a program should pace itself slowly, work
during off-hours, etc. in order to minimize its impact on the campus
network. Does anyone know of an existing tool which does this or do
I need to write it?
(2) I'm also looking for less obvious methods, especially those
which may be able to detect servers on ports other than 80. Does
anyone know of existing tools or promising methods? They could
either operate by watching the network (sniffing for packets which
look like HTTP transactions, I suppose?) or, in a more limited
fashion, on a Unix server itself.
I've glanced through several lists of network security software
packages (e.g., "http://www.alw.nih.gov/Security/prog-network.html")
and seen some tools which look like they *might* be adaptable to this
purpose, but I'm hoping that there are tools which fit this need to
Please reply by *MAIL* and I will summarize. Thank you.
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle